windows messenger pop-up at startup

Frank Byrum

I don't want windows messenger nor do I want the pop-up.
Can you guide me through the procedure to eliminate it
from popping up. If not do you suggest I contact the FCC
to see who is responsible for this pop-up?
 
Bruce Chambers

Greetings --

There are at least three varieties of pop-ups, and the solutions
vary accordingly. Which specific type(s) is troubling you?

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past year, and
unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you may
well be open to other threats, such as the Blaster Worm that recently
swept across the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does almost nothing to
truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/. Myself, I use Norton Internet Security,
which, in addition to containing Norton Anti-Virus and Personal
Firewall, also blocks many of the pop-up ads on the Internet.

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware," such as Gator, Comet Cursors, Xupiter, Bonzi Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
http://security.kolla.de/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Alun Jones [MS MVP]

> Stopping Advertisements with Messenger Service Titles
> http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
> ...
> Oh, and be especially wary of people who advise you to do nothing
> more than disable the messenger service. Disabling the messenger
> service, by itself, is a "head in the sand" approach to computer
> security. The real problem is _not_ the messenger service pop-ups;
> they're actually providing a useful, if annoying, service by acting as
> a security alert. The true problem is the unsecured computer, and
> you've been advised to merely turn off the warnings. How is this
> helpful?

Sadly, Bruce, someone over at Microsoft has apparently turned the link you
quoted (which used to be a fine document on enabling ICF in order to stop
Messenger Service spam _and_ unwanted hacking attempts) into a "head in the
sand" approach, by suggesting that users merely disable Messenger Service.
I'm with you, in that I think this is a wrong-headed approach, but while we
work to remind Microsoft that this is about securing people's systems, not
about closing our eyes (like the IBM adverts) to the problem of uninvited
and forged packets, here's a link that does tell you how to enable ICF on
Windows XP:

http://www.microsoft.com/WindowsXP/pro/using/howto/networking/icf.asp

Alun.
~~~~
P.S. Worse still, whoever changed the contents of the "stopspam" page also
put a link to it on the Microsoft front page.

[Please don't email posters, if a Usenet response is appropriate.]
 
Kevin Davis³

> Oh, and be especially wary of people who advise you to do nothing
> more than disable the messenger service. Disabling the messenger
> service, by itself, is a "head in the sand" approach to computer
> security. The real problem is _not_ the messenger service pop-ups;
> they're actually providing a useful, if annoying, service by acting as
> a security alert. The true problem is the unsecured computer, and
> you've been advised to merely turn off the warnings. How is this
> helpful?

Oh, and don't forget that the Messenger Service would also provide a
useful service to hackers if it is not patched:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

Set up a firewall first, but if you don't need the Messenger Service,
turn it off. If you need it, patch it. You would also be well
advised to spend $50 and buy a home router.

Be especially wary of people who would insist on having you keep the
Messenger Service on as a "helpful feature" and conveniently
forgetting to inform you that it has a very serious vulnerability that
needs to be patched immediately.

And of particular interest is that Microsoft itself and security
experts are seriously reconsidering the role of the Messenger service:

http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html

http://www.pcworld.com/news/article/0,aid,113321,tk,dn110703X,00.asp

http://news.com.com/2100-7355_3-5095935.html

Here's a link where Microsoft actually outright advises the user to
turn off the Messenger Service:

http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp


Those who would advise not to turn off the Messenger Service for the
less than trivial unintended side benefit of being a warning are
dispensing advice which contradicts the advice of many real security
professionals.
 
Bruce Chambers

Greetings --

Thanks for the "heads-up." I'll certainly stop referring people
to the link I was using.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH



 
Alun Jones [MS MVP]

Kevin Davis³ said:
> Oh, and don't forget that the Messenger Service would also provide a
> useful service to hackers if it is not patched:
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

So patch it.

> Be especially wary of people who would insist on having you keep the
> Messenger Service on as a "helpful feature" and conveniently
> forgetting to inform you that it has a very serious vulnerability that
> needs to be patched immediately.

I don't think that anyone's "insisted on having you keep the Messenger
Service on". I've _suggested_ that people use it as a really simple measure
that lets you know very quickly if there's a hole in your firewall. I stand
by that advice - but I do agree that patching it is a necessity.

Firewalls are necessary. Intrusion Detection Systems are useful. Messenger
Service acts as an IDS, thanks to the flood of adverts that only comes in
when you have no firewall, or your firewall is broken. IDSs have previously
been known to have bugs in them, even exploitable ones. The solution is not
to lose all IDS, but to fix the bugs by installing the patches that become
available.

> And of particular interest is that Microsoft itself and security
> experts are seriously reconsidering the role of the Messenger service:

Sure. If you have a better IDS to use, it's a good idea to disable the
Messenger Service if you have no other use for it. It allows
unauthenticated users of the network to send messages. A bad thing,
definitely, on an open network, but install a firewall, and it's not an open
network any more.

> Here's a link where Microsoft actually outright advises the user to
> turn off the Messenger Service:
>
> http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp

And last week, the very same link contained notes advising the user to
enable the built-in firewall. I'm hoping it'll say that next week, as well,
because turning off the Messenger Service merely hides the problem that
unauthenticated traffic is allowed into your computer and may trigger
exploits in any service you have installed on your system. Messenger
Service is but one of these, and while it's a good idea to disable it for
any of a number of reasons, especially if you can't patch it to remove the
bugs, there are bugs you don't know about - and that Microsoft doesn't know
about - in services that you haven't - or maybe can't - disable. So,
whether you disable Messenger Service or not, you _still_ need a firewall.

> Those who would advise not to turn off the Messenger Service for the
> less than trivial unintended side benefit of being a warning are
> dispensing advice which contradicts the advice of many real security
> professionals.

Me, I have the Messenger Service still running. Always have. Haven't yet
seen an advert on my computer, nor have I had anyone exploit it. Of course,
I have patched it, but the key here is that my firewall is in place, so I
don't have to hope and pray that MS caught all the bugs in every other
service, as I would if I had merely disabled the Messenger Service and
stayed without a firewall. Now, please go find a "real security
professional" who can disagree with that.

You appear to be in a bit of a snit because several of us disagreed with
your rather sad advice to just disable the Messenger Service, without
mentioning a firewall. Get over it.

And anyone who wants to secure their computer against the Messenger Service
attack, or any of a number of other port-based attacks, I'd suggest starting
at http://www.microsoft.com/protect, or
http://www.microsoft.com/WindowsXP/pro/using/howto/networking/icf.asp for
specific instructions on how to enable the built-in firewall in Windows XP.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
 
Kevin Davis³

> I don't think that anyone's "insisted on having you keep the Messenger
> Service on". I've _suggested_ that people use it as a really simple measure
> that lets you know very quickly if there's a hole in your firewall. I stand
> by that advice - but I do agree that patching it is a necessity.

I used the word insisting since some ridicule or at best vehemently
object to those who would suggest turning it off, ridiculously
implying that there is some malicious intent.

> Firewalls are necessary. Intrusion Detection Systems are useful. Messenger
> Service acts as an IDS, thanks to the flood of adverts that only comes in
> when you have no firewall, or your firewall is broken. IDSs have previously
> been known to have bugs in them, even exploitable ones. The solution is not
> to lose all IDS, but to fix the bugs by installing the patches that become
> available.

Sorry, but the Messenger Service is by no means considered nor should
it be considered a legitimate IDS. The last thing one should do is
use something, particularly in the security arena, that it was never
intended to do. The Messenger Service was never intended to be any
kind of IDS whatsoever.

> Sure. If you have a better IDS to use, it's a good idea to disable the
> Messenger Service if you have no other use for it. It allows
> unauthenticated users of the network to send messages. A bad thing,
> definitely, on an open network, but install a firewall, and it's not an open
> network any more.

If you really want an IDS (most home users don't need them) then
download and run Snort. And use the Messenger Service for its
intended use.

> And last week, the very same link contained notes advising the user to
> enable the built-in firewall. I'm hoping it'll say that next week, as well,

The user should do both.

> because turning off the Messenger Service merely hides the problem that
> unauthenticated traffic is allowed into your computer and may trigger
> exploits in any service you have installed on your system. Messenger
> Service is but one of these, and while it's a good idea to disable it for
> any of a number of reasons, especially if you can't patch it to remove the
> bugs, there are bugs you don't know about - and that Microsoft doesn't know
> about - in services that you haven't - or maybe can't - disable. So,
> whether you disable Messenger Service or not, you _still_ need a firewall.

Geesh you people really don't read what I write do you? In this same
message that I wrote that you responded to, I said the user should
first set up a firewall. Why do you keep bringing this up implying
that I am against firewalls when the exact opposite is true and has
been stated over and over as such?

> Me, I have the Messenger Service still running. Always have. Haven't yet
> seen an advert on my computer, nor have I had anyone exploit it. Of course,
> I have patched it, but the key here is that my firewall is in place, so I
> don't have to hope and pray that MS caught all the bugs in every other
> service, as I would if I had merely disabled the Messenger Service and
> stayed without a firewall. Now, please go find a "real security
> professional" who can disagree with that.

Read the links. Security experts put pressure on Microsoft to disable
the Messenger Service by default. Didn't have to go too far to find a
reference when it was right in the post that you responded to.

Me, I have the Messenger Service both patched *and* turned off. Guess
what? I don't have to HOPE AND PRAY that MS has caught all the bugs
in this service because it is not running on my machine. Your
firewall, just like any software like the Messenger Service can
absolutely have vulnerabilities. So, if the hacker gets past your
firewall, you have an additional potential weakness that I don't.

In addition, the user should not be running NetBIOS over TCP/IP and
make sure that TCP/IP is not bound to NetBEUI or file sharing. If the
user needs to use Windows file sharing over their local LAN, they
should install a separate protocol like NetBEUI or IPX and isolate it
from TCP/IP. In the corporate world that is not always practical, but
at home, it is usually fine and definitely much more secure.

> You appear to be in a bit of a snit because several of us disagreed with
> your rather sad advice to just disable the Messenger Service, without
> mentioning a firewall. Get over it.

No, I'm in a "snit" because people are doing several things:

1) Dispensing bad security advice few, if any security professionals
would agree with. As long as this happens, I will continue to correct
the bad advice. Get over that.

2) The continuous misrepresentations of me saying not to run firewalls
which is a lie.

3) People who are dispensing advice to leave the Messenger Service
running are not even warning that it has a very serious vulnerability
and needs to be patched. Incredible.

4) The ridiculous notion that running a service simply to have it
there to in some cases (certainly not all or even most) if there is a
breach to be a warning system - something it was never intended for,
is of a higher value than leaving it turned off to avoid having it be
an actual tool for a hacker to use. If a hacker gets through the
firewall, he is not going to kindly send a pop-up message alerting you
to his presence. That's what sad advice is.

> And anyone who wants to secure their computer against the Messenger Service
> attack, or any of a number of other port-based attacks, I'd suggest starting
> at http://www.microsoft.com/protect, or
> http://www.microsoft.com/WindowsXP/pro/using/howto/networking/icf.asp for
> specific instructions on how to enable the built-in firewall in Windows XP.

Do that first. Then disable the Messenger Service if you don't need
it.
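
The point argued in the thread above, that the Messenger Service is only one of several services accepting unauthenticated traffic on an unfirewalled machine, can be checked by listing what the host is actually listening on. This is an added example, not part of any poster's message: a Python sketch that parses `netstat -an` output in the Windows layout; the sample output, the function name `exposed_listeners` and the port labels are assumptions constructed for illustration.

```python
import re

# Constructed sample of `netstat -an` output in the Windows layout (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Labels for well-known Windows ports; anything else is reported as unidentified.
KNOWN_PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP",
}

# proto, local address, local port, foreign address, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def exposed_listeners(netstat_text):
    """Return sorted (proto, port, label) for sockets bound to a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header or blank line
        proto, addr, port, state = match.groups()
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only sockets are not reachable from the network
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        found.add((proto, int(port), KNOWN_PORTS.get(int(port), "unidentified service")))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, label in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto:<4}{port:>6}  {label}")
```

Every socket the function returns accepts packets from any host that can reach the machine unless a firewall filters them, whether or not pop-ups are being displayed.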
 
